I assume that very few sme groups have formal data-sharing agreements – although I have no data to justify this suspicion – for the simple reason that, in the past, there was a low risk of not complying with the rules on the sharing of personal data within groups. It remains to be seen whether this will change under the new data protection regime. While the potential penalties for non-compliance are more severe, supervisory authorities` resources are already overburdened and this type of disguised compliance issue may not be brought to anyone`s attention unless there is a serious data breach. Even then, the lack of agreement on data sharing might not be significant. The GDPR is of dual importance for finance and tax professionals: first, the new fine rates are economically important, which raises the question of how the associated risks should be distributed among the companies in the group. Second, intra-group contractual arrangements between controllers, processors and processors must be integrated into the processing of intercompany agreements for transfer pricing purposes. 1.1.8.2 the transmission of personal data of the company of a subcontractor to a subcontractor or between two entities of a subcontractor, if such transfer was prohibited by data protection legislation (or by the terms of data transfer agreements concluded to address the data protection limitations of data protection legislation); Most organizations now have the measure of these rules and are able to conclude contracts with third parties. One of the areas in which they are less coherent concerns intergroup agreements, i.e. contracts between affiliated undertakings, undertakings in the same commercial group. BCRs are an attractive alternative for intra-group data transmission agreements, and if CSC-based transfers are further examined, the benefits of BCR would only increase. In addition, global data protection programs could benefit from BCRs, not only as an “easy-to-control” data transmission vehicle, but also as an improvement in operational efficiency and as a regulatory blessing of the compliance approach implemented. .

. .